Skip Menu |
 

This queue is for tickets about the libwww-perl CPAN distribution.

Report information
The Basics
Id: 95671
Status: resolved
Priority: 0/
Queue: libwww-perl

People
Owner: ether [...] cpan.org
Requestors: maxime.therreault [...] fxinnovation.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 5.10



Subject: Secure (HTTPS) requests through proxy does not work
Date: Thu, 15 May 2014 18:04:54 +0000
To: "bug-libwww-perl [...] rt.cpan.org" <bug-libwww-perl [...] rt.cpan.org>
From: Maxime Therreault <maxime.therreault [...] fxinnovation.com>
Download (untitled) / with headers
text/plain 587b
I use latest version (6.06) of library. When I and do secure HTTPS requests using a proxy, the specified proxy is simply not accessed. The connection is made directly to the destination. I think I found the bug in the code at line 145 of the file LWP/Protocol/http.pm. Instead of : my $ssl_tunnel = $proxy && $url->scheme eq 'https' We should have : my $ssl_tunnel = $proxy && $proxy->scheme eq 'https' Also I wonder how this "SSL tunnel" could work. Is this a feature under development? I don't see any implementation of the method '_upgrade_sock' (line 188). Thanks!
Download (untitled) / with headers
text/plain 291b
On Thu May 15 14:05:07 2014, maxime.therreault@fxinnovation.com wrote: Show quoted text
> I use latest version (6.06) of library. > When I and do secure HTTPS requests using a proxy, the specified proxy
Can you post the code you're using to address the proxy, that'll help us reproduce the problem, thanks!
Subject: RE: [rt.cpan.org #95671] Secure (HTTPS) requests through proxy does not work
Date: Fri, 16 May 2014 18:48:34 +0000
To: "bug-libwww-perl [...] rt.cpan.org" <bug-libwww-perl [...] rt.cpan.org>
From: Maxime Therreault <maxime.therreault [...] fxinnovation.com>
Using the simlpe following code with any proxy server, you will find only the first request going through it, not the second one being secure. #!/usr/bin/perl use LWP::UserAgent; my $ua = new LWP::UserAgent; $ua->proxy(['http', 'https'], 'http://localhost:8888'); my $req = new HTTP::Request('GET', 'http://www.google.com/'); my $res = $ua->request($req); print $res->code, "\n"; my $req = new HTTP::Request('GET', 'https://www.google.com/'); my $res = $ua->request($req); print $res->code, "\n"; Show quoted text
-----Original Message----- From: Michael_Schilli via RT [mailto:bug-libwww-perl@rt.cpan.org] Sent: Friday, May 16, 2014 12:05 PM To: Maxime Therreault Subject: [rt.cpan.org #95671] Secure (HTTPS) requests through proxy does not work <URL: https://rt.cpan.org/Ticket/Display.html?id=95671 > On Thu May 15 14:05:07 2014, maxime.therreault@fxinnovation.com wrote:
> I use latest version (6.06) of library. > When I and do secure HTTPS requests using a proxy, the specified proxy
Can you post the code you're using to address the proxy, that'll help us reproduce the problem, thanks!
Download (untitled) / with headers
text/plain 1.8k
Greetings, On Fri May 16 12:04:55 2014, MSCHILLI wrote: Show quoted text
> Can you post the code you're using to address the proxy, that'll help > us reproduce the problem, thanks!
Confirming this problem - using this test code and watching both proxy server and destination web server a HTTP request goes via the proxy, a HTTPS request goes direct to the web server. #!/usr/bin/env perl use strict; use warnings; use LWP 6.06; use Getopt::Long; my ($proxy_url, $proxy_username, $proxy_password); my $ssl_opt_verify_hostname = 0; GetOptions( "proxy=s" => \$proxy_url, "user=s" => \$proxy_username, "pass=s" => \$proxy_password, "verify" => \$ssl_opt_verify_hostname, ) or die; { package MyUA; use base 'LWP::UserAgent'; # Simple - only care about giving proxy credentials sub get_basic_credentials { my($self, $realm, $uri, $isproxy) = @_; return $isproxy ? ($proxy_username, $proxy_password) : (); } } my $ua = MyUA->new(); $ua->proxy(['https','http'], $proxy_url); $ua->ssl_opts( verify_hostname => $ssl_opt_verify_hostname, ); print $ua->get($ARGV[0])->as_string; If I turn verify_hostname back on and access a site providing an untrusted certificate it's also clear the connection is bypassing the proxy as the error received is (substituting the hostname with servername.example.org): 500 Can't connect to servername.example.org:443 (certificate verify failed) Content-Type: text/plain Client-Date: Thu, 12 Jun 2014 04:41:20 GMT Client-Warning: Internal response Can't connect to servername.example.org:443 (certificate verify failed) LWP::Protocol::https::Socket: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /home/eguser/perl5/perlbrew/perls/perl-5.10.1/lib/site_perl/5.10.1/LWP/Protocol/http.pm line 41. Cheerio, Brad
Download (untitled) / with headers
text/plain 235b
I experienced the same problem and <my $ssl_tunnel = $proxy && $url->scheme eq 'https' Show quoted text
>my $ssl_tunnel = $proxy && $proxy->scheme eq 'https'
helped. Any chance to have this patch included in the next release? -- Serguei Trouchelle
oops wrong button.
Download (untitled) / with headers
text/plain 343b
There exists a workaround for the problem (found on stackoverflow: http://stackoverflow.com/a/17787133/44620) use LWP::UserAgent; $ua = LWP::UserAgent->new(); $ua->proxy('https', 'connect://proxyhost.domain:3128/'); $ua->get('https://www.somesslsite.com'); This way you can reach an SSL site using a proxy. It's not a fix, though.
Download (untitled) / with headers
text/plain 861b
Show quoted text
> $ua->proxy('https', 'connect://proxyhost.domain:3128/');
I don't see the need for this workaround using the connect:// scheme. The following code works perfectly for me with LWP 6.15 and I can also see that the access is done through the proxy: use LWP::UserAgent; my $ua = LWP::UserAgent->new; $ua->proxy(['http','https'], 'http://proxy:8000'); my $response = $ua->get('https://example.com/'); print $response->decoded_content; But, due to the various fallbacks LWP has in Net::HTTPS one can easily make this code not work by setting environment variable PERL_NET_HTTPS_SSL_SOCKET_CLASS="Net::SSL" or including Net::SSL before including LWP::UserAgent. In this case it will try to use Net::SSL/Crypt::SSLeay instead which does not work with the proxy settings in LWP but needs instead special settings using HTTPS_PROXY environment.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.